Unscrupulous equipment manufacturers may abuse the intellectual property rights of designers by making use of their designs without permission. Examples of such illegal activity include:    1. Copying FPGA bitstream information from a competitor's product and using it to configure the same kind of FPGA in one's own product.    2. When using a design under license, making more units of the design than the licensing agreement and fees paid would allow (overbuilding).    3. Obtaining design information through fraudulent methods or through reverse engineering and making use of the design without paying any required fees.
Design information may relate to designs which are to be implemented on Field Programmable Gate Arrays or designs which are to be implemented directly as integrated circuits.
A problem faced by owners of such design information, seeking to police abuse of their intellectual property rights, is that it is costly and time consuming to determine whether a particular product does in fact contain the proprietary design fragment. In the case of silicon chips the only practical method is to obtain a sample of the product under suspicion and send it to a specialist laboratory for analysis and reverse engineering. In the case of FPGA designs where the bitstream is encrypted or programmed into antifuse FPGAs, where the state of the anti-fuses is almost impossible to determine even by microscopic analysis, the difficulty of obtaining evidence of wrongdoing is even greater.
As well as allowing the detection of illegal use, the ability to label design components will have other benefits in the area of quality assurance and failure analysis. Modern electronic systems such as personal computers contain hundreds of integrated circuits from tens of IC vendors. Each of these integrated circuit chips is likely to be improved from time to time resulting in different versions of the chip being sold at different times. Some chips may be available from more than one vendor. Some complex ‘System on Chip’ devices may contain IP Cores which themselves are updated from time to time, so different versions of the IP may be present in different chips. The system may contain programmable FPGA chips whose functionality can be changed by downloading a new bitstream while the system is in the field. When FPGA chips are used the configuration of the system is not necessarily fixed at the time of manufacture.
When a system fails in the field it is important for the service engineer or technical support person to be able to determine the ‘version’ of the system and key components within it which has failed. The most practical way of doing this at the present time is to ‘open the lid’ take out the board and examine the top of the package of any suspect chips. Chip packages are usually printed with the part number and a code which can be used to identify the design version and date of manufacture. This system is not perfect because chip packages are becoming smaller, which limits the amount of information that can be printed. Some package materials do not lend themselves to legible printing. Also, marketing people would prefer to use the available space for company logos rather than long product identification codes. In some cases companies deliberately remove markings or ask for unmarked devices in order to make it difficult for competitors to determine which chips have been used in their system. At a practical level it can be difficult to decipher the markings on the top of chip packages. With programmable chips such as FPGAs the labelling on the chip package does not identify the design which has been programmed into the chip.
The industry around licensing IP Cores is still relatively young so there has been little work specifically on detecting the use of IP cores within a larger design. However, several companies offer ‘reverse engineering’ services where they analyse integrated circuit chips to determine the circuits which have been implemented on them. These services are used for competitive analysis purposes and also to provide evidence of patent infringement. Reverse Engineering services could be used to provide evidence of improper use of an IP core within an integrated circuit.
In the context of FPGAs ‘passive’ techniques which use analysis of bitstream or other design files have been proposed to detect unauthorised use of design intellectual property. In most cases analysis to detect the presence of an IP Core is based on obtaining a product containing the suspect FPGA. Normally there will be no access to files from the CAD tools used in the FPGA design process, except the final bitstream. In the case where the bitstream cannot be recovered because it is encrypted or programmed into an antifuse or FLASH based FPGA bitstream, analysis techniques would be useless. Conventional reverse engineering services which conduct an analysis of the physical interconnects on the integrated circuit are also of no help in the FPGA case, because the IP core design cannot be determined by analysing the mask work of the FPGA it is configured into.
In the context of ASIC chips it is common practice to include markings within the mask work for the top metal layers which can be read by the naked eye or through a microscope. These markings often contain company logos, copyright messages and revision data for the masks used to fabricate the design. Sometimes smaller copyright messages are hidden within the maskwork in the hope that a pirate who copies the mask will not notice their presence and remove them and that they can then be used as evidence of copyright infringement.
There is, therefore, a need for a method which can produce an inventory of the chips used in a system, including design version and manufacturing batch information. Such a method should ideally be fast, easy to use, be able to operate without disassembling the equipment containing the chips, require no new pins on the chip packages and work with designs programmed into FPGA chips as well as designs manufactured directly in silicon.